Bugtraq mailing list archives

Possible backdoor in ftpd?


From: jseng () darwin technet sg (James Seng)
Date: Wed, 8 Feb 1995 11:03:30 +0800 (SST)


I have received this log from my xferlog from my ftp site.

Mon Feb  6 22:59:03 1995 1 merlion.singnet.com.sg 9 /incoming/cr b _ i a brains@ ftp 0 *
Mon Feb  6 22:59:59 1995 1 merlion.singnet.com.sg 9 /incoming/cr b _ i a brains@ ftp 0 *

What he basically does is that he has uploaded a file called 'cr' (9 
bytes) in binary mode into my ftp.technet.sg:/incoming directory. It is 
nothing of interest except that the file he uploaded (cr) contains

chroot /

I suspect it has to do with the backdoor in the trojan wu-ftpd which 
happens to be distributed with bsdi (yea..mine is a bsdi but with a 
patched ftpd). Does anyone have more information on this?

-James Seng
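
Added example (not part of the original post, and not code from wu-ftpd): a small parser for the xferlog entries quoted above that groups small anonymous uploads by host and path, so repeats like the two 'cr' transfers stand out. It assumes the 13-field xferlog layout seen in the post; the function names and the 64-byte size threshold are hypothetical choices made for this illustration.

```python
from datetime import datetime
from typing import NamedTuple, Optional

# The two entries from the post, with the line wrap undone.
SAMPLE = """\
Mon Feb  6 22:59:03 1995 1 merlion.singnet.com.sg 9 /incoming/cr b _ i a brains@ ftp 0 *
Mon Feb  6 22:59:59 1995 1 merlion.singnet.com.sg 9 /incoming/cr b _ i a brains@ ftp 0 *
"""

class Xfer(NamedTuple):
    when: datetime
    seconds: int      # transfer time
    host: str
    size: int         # bytes
    path: str
    xfer_type: str    # a = ascii, b = binary
    action: str       # _ = no special action
    direction: str    # i = incoming (upload), o = outgoing
    access: str       # a = anonymous, g = guest, r = real user
    user: str         # for anonymous logins, the string given as password
    service: str
    auth_method: str
    auth_user: str

def parse_line(line: str) -> Optional[Xfer]:
    """Parse one xferlog entry; return None if it does not fit the layout."""
    tok = line.split()
    if len(tok) < 17:  # 5 date tokens + 3 fields + path + 8 trailing fields
        return None
    try:
        when = datetime.strptime(" ".join(tok[:5]), "%a %b %d %H:%M:%S %Y")
        seconds, size = int(tok[5]), int(tok[7])
    except ValueError:
        return None
    # Take the fixed trailing fields from the right so an odd path cannot shift them.
    return Xfer(when, seconds, tok[6], size, " ".join(tok[8:-8]), *tok[-8:])

def anonymous_uploads(log: str, max_size: int = 64) -> dict:
    """Group small anonymous uploads by (host, path). max_size is an assumed cutoff."""
    hits = {}
    for line in log.splitlines():
        x = parse_line(line)
        if x and x.direction == "i" and x.access == "a" and x.size <= max_size:
            hits.setdefault((x.host, x.path), []).append(x)
    return hits

if __name__ == "__main__":
    for (host, path), xs in anonymous_uploads(SAMPLE).items():
        print(f"{host} uploaded {path} {len(xs)}x, {xs[0].size} bytes, first at {xs[0].when}")
```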


